How Elpass Encrypt Your Data

Elpass Support

December 07, 2019 17:09

Updated

Elpass uses the most cutting-edge encryption algorithms. Here is a simplified summarization:

First. The master password is hashed with Argon2id algorithm. This requires 256 MiB of dedicated RAM, and takes about 1.0 seconds on iPhone 11 Pro, to against a brute force attack. The salt for hashing is generated randomly while creating vault or changing the master password.

The output of step 1 is the key to decrypt the encrypted part of Index file. This step uses XSalsa20+Poly1305 algorithm. Now the master key of the vault is extracted.

Then, Elpass derives multiple sub-keys from the master key with BLAKE2B algorithm. Every file is encrypted with a distinguishing sub-key.